@using OrchardCore.OpenId.ViewModels
@using OrchardCore.OpenId.Settings
@using System.Security.Cryptography.X509Certificates
@model OpenIdServerSettingsViewModel

<p class="alert alert-warning">@T["The current tenant will be reloaded when the settings are saved."]</p>

<h3>Endpoints</h3>
<fieldset class="form-group" asp-validation-class-for="EnableTokenEndpoint">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="EnableTokenEndpoint">
        <label class="custom-control-label" asp-for="EnableTokenEndpoint">@T["Enable Token Endpoint"]</label>
        <span class="hint">— @T["Enables action"] /connect/token</span>
    </div>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="EnableAuthorizationEndpoint">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="EnableAuthorizationEndpoint">
        <label class="custom-control-label" asp-for="EnableAuthorizationEndpoint">@T["Enable Authorization Endpoint"]</label>
        <span class="hint">— @T["Enables action"] /connect/authorize</span>
    </div>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="EnableLogoutEndpoint">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="EnableLogoutEndpoint">
        <label class="custom-control-label" asp-for="EnableLogoutEndpoint">@T["Enable Logout Endpoint"]</label>
        <span class="hint">— @T["Enables action"] /connect/logout</span>
    </div>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="EnableUserInfoEndpoint">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="EnableUserInfoEndpoint">
        <label class="custom-control-label" asp-for="EnableUserInfoEndpoint">@T["Enable User Info Endpoint"]</label>
        <span class="hint">— @T["Enables action"] /connect/userinfo]</span>
    </div>
</fieldset>

<h3>Flows</h3>

<fieldset class="form-group collapse" asp-validation-class-for="AllowAuthorizationCodeFlow">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="AllowAuthorizationCodeFlow">
        <label class="custom-control-label" asp-for="AllowAuthorizationCodeFlow">@T["Allow Authorization Code Flow"]</label>
        <span class="hint">— @T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth</a></span>
    </div>
</fieldset>

<fieldset class="form-group collapse" asp-validation-class-for="AllowImplicitFlow">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="AllowImplicitFlow">
        <label class="custom-control-label" asp-for="AllowImplicitFlow">@T["Allow Implicit Flow"]</label>
        <span class="hint">— @T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth</a></span>
    </div>
</fieldset>

<fieldset class="form-group collapse" asp-validation-class-for="AllowPasswordFlow">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="AllowPasswordFlow">
        <label class="custom-control-label" asp-for="AllowPasswordFlow">@T["Allow Password Flow"]</label>
        <span class="hint">— @T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.3">https://tools.ietf.org/html/rfc6749#section-1.3.3</a></span>
    </div>
</fieldset>

<fieldset class="form-group collapse" asp-validation-class-for="AllowRefreshTokenFlow">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="AllowRefreshTokenFlow">
        <label class="custom-control-label" asp-for="AllowRefreshTokenFlow">@T["Allow Refresh Token Flow"]</label>
        <span class="hint">— @T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens">http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens</a></span>
    </div>
</fieldset>

<fieldset class="form-group collapse" asp-validation-class-for="AllowClientCredentialsFlow">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="AllowClientCredentialsFlow">
        <label class="custom-control-label" asp-for="AllowClientCredentialsFlow">@T["Allow Client Credentials Flow"]</label>
        <span class="hint">— @T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.4">https://tools.ietf.org/html/rfc6749#section-1.3.4</a></span>
    </div>
</fieldset>

<h3>Advanced options</h3>

<p class="alert alert-info">@T["These options are all optional and are for advanced users only."]</p>

<fieldset class="form-group" asp-validation-class-for="Authority">
    <label asp-for="Authority">@T["Authority"]</label>
    <input asp-for="Authority" class="form-control" />
    <span asp-validation-for="Authority"></span>
    <span class="hint">@T["The base URL of the identity server (this site). If none is provided, a default value based on the site host is automatically computed."]</span>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="CertificateStoreLocation">
    <label asp-for="CertificateStoreLocation">@T["Certificate Store Location"]</label>
    <select asp-for="CertificateStoreLocation" class="form-control">
        <option value="">@T["None"]</option>

        @foreach (StoreLocation location in Enum.GetValues(typeof(StoreLocation)))
        {
            <option value="@location" selected="@(Model.CertificateStoreLocation == location)">@location.ToString()</option>
        }
    </select>
    <span asp-validation-for="CertificateStoreLocation"></span>
    <span class="hint">@T["Select the certificate location."]</span>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="CertificateStoreName">
    <label asp-for="CertificateStoreName">@T["Certificate Store Name"]</label>
    <select asp-for="CertificateStoreName" class="form-control">
        <option value="">@T["None"]</option>

        @foreach (StoreName store in Enum.GetValues(typeof(StoreName)))
        {
            <option value="@store" selected="@(Model.CertificateStoreName == store)">@store.ToString()</option>
        }
    </select>
    <span asp-validation-for="CertificateStoreName"></span>
    <span class="hint">@T["Select the certificate store."]</span>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="CertificateThumbprint">
    @if (Model.AvailableCertificates.Count != 0)
    {

        <label asp-for="CertificateThumbprint">@T["Certificate"]</label>
        <select asp-for="CertificateThumbprint" class="form-control">
            <option value="">@T["None"]</option>

            @foreach (var certificate in Model.AvailableCertificates)
            {
                var selectedCertificate = Model.CertificateThumbprint == certificate.ThumbPrint
                                            && Model.CertificateStoreLocation.HasValue && Model.CertificateStoreLocation.Value == certificate.StoreLocation
                                            && Model.CertificateStoreName.HasValue && Model.CertificateStoreName == certificate.StoreName;
                if (string.IsNullOrWhiteSpace(certificate.ThumbPrint))
                {
                    <option value="" data-StoreLocation="@certificate.StoreLocation" data-StoreName="@certificate.StoreName" selected="@(selectedCertificate)"></option>
                    continue;
                }
                var friendlyName = certificate.FriendlyName;
                if (string.IsNullOrWhiteSpace(friendlyName) && !string.IsNullOrWhiteSpace(certificate.ThumbPrint))
                {
                    friendlyName = "No Friendly Name";
                }
                <option value="@certificate.ThumbPrint" data-StoreLocation="@certificate.StoreLocation" data-StoreName="@certificate.StoreName" selected="@(selectedCertificate)">
                    @friendlyName [@certificate.NotBefore.ToString("dd/MM/yy") - @certificate.NotAfter.ToString("dd/MM/yy")] @certificate.Subject
                </option>
            }
        </select>
        <span asp-validation-for="CertificateThumbprint"></span>
        <span class="hint">@T["Select the certificate for signing tokens."]</span>
    }
    else
    {
        <div class="alert alert-warning" asp-validation-for="CertificateThumbprint">@T["You need to add a certificate to your server for setting up OpenID Connect module."]</div>
    }
</fieldset>

<fieldset class="form-group" asp-validation-class-for="UseRollingTokens">
    <div class="custom-control custom-checkbox">
        <input type="checkbox" class="custom-control-input" asp-for="UseRollingTokens">
        <label class="custom-control-label" asp-for="UseRollingTokens">@T["Use Rolling Tokens"]</label>
        <span class="hint">— @T["When this option is enabled, a new refresh token is issued for each refresh token request (and the previous one is automatically revoked)."]</span>
    </div>
</fieldset>

<fieldset class="form-group" asp-validation-class-for="AccessTokenFormat">
    <label asp-for="AccessTokenFormat">@T["Token Format"]</label>
    <select asp-for="AccessTokenFormat" class="form-control">
        @foreach (OpenIdServerSettings.TokenFormat format in Enum.GetValues(typeof(OpenIdServerSettings.TokenFormat)))
        {
            <option value="@format" selected="@(Model.AccessTokenFormat == format)">@format.ToString()</option>
        }
    </select>
    <span asp-validation-for="AccessTokenFormat"></span>
</fieldset>

<script at="Foot" type="text/javascript">
////<![CDATA[
    window.onload = function () {
        refreshCertificates();
        refreshEndpoints();
        $("#@Html.IdFor(m => m.AccessTokenFormat)").change(function () {
            refreshTokenTypeHint();
        });
        $("#@Html.IdFor(m => m.CertificateStoreLocation)").change(function () {
            refreshCertificates();
        });
        $("#@Html.IdFor(m => m.CertificateStoreName)").change(function () {
            refreshCertificates()
        });
        $("#@Html.IdFor(m => m.EnableTokenEndpoint), #@Html.IdFor(m => m.EnableAuthorizationEndpoint), #@Html.IdFor(m => m.AllowPasswordFlow), #@Html.IdFor(m => m.AllowAuthorizationCodeFlow)").change(function () {
            refreshEndpoints();
        });
        function refreshCertificates() {
            var location = $("#@Html.IdFor(m => m.CertificateStoreLocation)"),
                name = $("#@Html.IdFor(m => m.CertificateStoreName)"),
                thumbprint = $("#@Html.IdFor(m => m.CertificateThumbprint)");

            if (location.val()) {
                name.parent().show();

                if (name.val()) {
                    thumbprint.parent().show();
                    thumbprint.children("option[value!='']").hide();
                    thumbprint.children("option[data-StoreLocation=" + location.val() + "][data-StoreName=" + name.val() + "]").show();
                }
                else {
                    thumbprint.parent().hide();
                    thumbprint.val("");
                }
            }
            else {
                name.parent().hide();
                name.val("");
                thumbprint.parent().hide();
                thumbprint.val("");
            }
        }
        function refreshEndpoints() {
            refreshEnableTokenEndpoint();
            refreshAllowAuthorizationCodeFlowVisibility();
            refreshEnableAuthorizationEndpoint();
            refreshAllowRefreshTokenFlowVisibility();
        }
        function refreshEnableTokenEndpoint() {
            var enableTokenEndpoint = $("#@Html.IdFor(m => m.EnableTokenEndpoint)");
            var allowPasswordFlow = $("#@Html.IdFor(m => m.AllowPasswordFlow)");
            var allowClientCredentialsFlow = $("#@Html.IdFor(m => m.AllowClientCredentialsFlow)");
            if (!enableTokenEndpoint.prop("checked")) {
                allowPasswordFlow.prop("checked", false);
                allowClientCredentialsFlow.prop("checked", false);
            }
            var showOrHide = enableTokenEndpoint.prop("checked") ? "show" : "hide";
            allowPasswordFlow.parent().parent().collapse(showOrHide);
            allowClientCredentialsFlow.parent().parent().collapse(showOrHide);
        }
        function refreshEnableAuthorizationEndpoint() {
            var enableAuthorizationEndpoint = $("#@Html.IdFor(m => m.EnableAuthorizationEndpoint)");
            var allowImplicitFlow = $("#@Html.IdFor(m => m.AllowImplicitFlow)");
            if (!enableAuthorizationEndpoint.prop("checked")) {
                allowImplicitFlow.prop("checked", false);
            }
            allowImplicitFlow.parent().parent().collapse(enableAuthorizationEndpoint.prop("checked") ? "show" : "hide");
        }
        function refreshAllowAuthorizationCodeFlowVisibility() {
            var allowAuthorizationCodeFlow = $("#@Html.IdFor(m => m.AllowAuthorizationCodeFlow)");
            if ($("#@Html.IdFor(m => m.EnableTokenEndpoint)").prop("checked") && $("#@Html.IdFor(m => m.EnableAuthorizationEndpoint)").prop("checked")) {
                allowAuthorizationCodeFlow.parent().parent().collapse("show");
            }
            else {
                allowAuthorizationCodeFlow.prop("checked", false);
                allowAuthorizationCodeFlow.parent().parent().collapse("hide");
            }
        }
        function refreshAllowRefreshTokenFlowVisibility() {
            var allowRefreshTokenFlow = $("#@Html.IdFor(m => m.AllowRefreshTokenFlow)");
            if ($("#@Html.IdFor(m => m.EnableTokenEndpoint)").prop("checked")
                && ($("#@Html.IdFor(m => m.AllowPasswordFlow)").prop("checked") || $("#@Html.IdFor(m => m.AllowAuthorizationCodeFlow)").prop("checked"))) {
                allowRefreshTokenFlow.parent().parent().collapse("show");
            }
            else {
                allowRefreshTokenFlow.prop("checked", false);
                allowRefreshTokenFlow.parent().parent().collapse("hide");
            }
        }
    };
//]]>
</script>
